Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/53d56a-096e-458a-9a94-08a68632a63a/1/bWHKgCmcMYLntSLKZbrE6RObN7I.roa
File:                     bWHKgCmcMYLntSLKZbrE6RObN7I.roa (raw, json)
Hash identifier:          bAG5MeySUmSx1wWq4wvyULspP0dnGhiSl213COS0RnE=
Subject key identifier:   6D:61:CA:80:29:9C:31:82:E7:B5:22:CA:65:BA:C4:E9:13:9B:37:B2
Certificate issuer:       /CN=709d69957d333432accac810231e289388e302e2
Certificate serial:       018CC5013C51922A1BD5272DF430EB174E1B
Authority key identifier: 70:9D:69:95:7D:33:34:32:AC:CA:C8:10:23:1E:28:93:88:E3:02:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cJ1plX0zNDKsysgQIx4ok4jjAuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/53d56a-096e-458a-9a94-08a68632a63a/1/bWHKgCmcMYLntSLKZbrE6RObN7I.roa
Signing time:             Mon 01 Jan 2024 12:30:41 +0000
ROA not before:           Mon 01 Jan 2024 12:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197183
IP address blocks:        185.114.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/53d56a-096e-458a-9a94-08a68632a63a/1/cJ1plX0zNDKsysgQIx4ok4jjAuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/53d56a-096e-458a-9a94-08a68632a63a/1/cJ1plX0zNDKsysgQIx4ok4jjAuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cJ1plX0zNDKsysgQIx4ok4jjAuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3c:51:92:2a:1b:d5:27:2d:f4:30:eb:17:4e:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=709d69957d333432accac810231e289388e302e2
        Validity
            Not Before: Jan  1 12:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d61ca80299c3182e7b522ca65bac4e9139b37b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:52:4d:f0:be:ee:1b:5a:18:44:34:aa:fe:b7:
                    6e:69:8c:1b:ee:71:07:43:c2:69:5d:b7:51:14:f3:
                    86:4b:35:bf:2e:96:ae:54:75:29:0c:b2:47:df:f4:
                    96:1c:e9:4f:17:8c:ec:fd:9a:34:83:7e:8d:ea:53:
                    18:f6:04:50:80:84:87:f8:e8:0d:ac:43:b9:01:f6:
                    22:a7:f3:9b:fc:91:d0:bc:39:58:5b:a2:15:55:34:
                    16:a9:11:e5:5b:57:31:d3:5a:91:b6:c9:59:bd:80:
                    7e:11:7f:53:b2:28:12:d6:d4:58:87:06:fd:ab:45:
                    5a:43:9e:0a:92:e0:d2:0e:5a:a1:c7:bf:20:8f:85:
                    73:f5:16:38:97:22:32:63:c6:54:21:2f:2b:94:6e:
                    9f:a1:2b:c9:b5:72:f1:c5:d4:0d:b2:82:f2:33:ad:
                    38:79:20:69:9b:b0:24:10:0f:32:9e:e9:7e:03:54:
                    42:12:4e:e2:63:97:65:d7:09:f9:b0:b4:61:a2:d6:
                    16:16:d2:cb:e9:da:a2:13:53:97:7e:bc:9c:83:dd:
                    88:5d:76:45:1e:cd:17:b5:31:38:df:a5:88:98:18:
                    cb:dc:3d:57:e7:14:86:a3:aa:43:ea:b1:48:50:53:
                    7d:13:2d:9d:9a:84:32:82:03:16:0f:88:12:f8:d3:
                    e5:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:61:CA:80:29:9C:31:82:E7:B5:22:CA:65:BA:C4:E9:13:9B:37:B2
            X509v3 Authority Key Identifier:
                keyid:70:9D:69:95:7D:33:34:32:AC:CA:C8:10:23:1E:28:93:88:E3:02:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cJ1plX0zNDKsysgQIx4ok4jjAuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/53d56a-096e-458a-9a94-08a68632a63a/1/bWHKgCmcMYLntSLKZbrE6RObN7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/53d56a-096e-458a-9a94-08a68632a63a/1/cJ1plX0zNDKsysgQIx4ok4jjAuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:d6:4f:bb:a1:d1:b0:91:01:5b:2a:98:b4:28:53:82:1d:5c:
         01:0d:e7:b1:c4:07:9e:8e:4d:5f:0c:6d:1c:01:dd:9b:67:7f:
         dd:7a:d9:b0:43:2c:c3:5f:da:3d:19:50:a2:29:38:f1:68:df:
         d9:c2:8e:c2:5a:c9:d4:5d:d9:94:bc:c6:65:3d:ad:ea:d3:ba:
         47:9c:24:39:d6:95:82:25:cb:7d:8f:c9:16:10:1d:2b:74:1b:
         c9:46:03:cf:a6:87:2b:f7:f3:6f:dd:39:3b:f0:5a:f9:48:2a:
         30:05:4d:45:d0:b8:e2:46:52:f4:47:0f:49:48:0b:42:f8:e2:
         36:0b:91:d2:6d:7f:8f:c9:05:80:d1:a9:0b:c0:04:32:99:83:
         10:23:29:fe:22:f5:59:75:8b:fe:14:84:7b:07:7d:bb:79:96:
         f6:41:c6:8d:94:f7:f6:c6:2c:04:c1:d5:21:34:7d:31:84:81:
         f3:2c:85:3d:73:ea:8e:53:dc:22:e3:b3:e3:76:02:47:c3:a8:
         1a:23:78:67:91:14:e4:9a:57:28:48:ed:b2:30:af:ec:7e:a4:
         7e:7e:e1:ee:05:bf:48:cc:0f:ab:63:ce:54:8f:31:fa:70:63:
         bf:2e:bc:26:16:9e:4d:38:6d:0c:71:84:46:e3:5c:2b:e4:75:
         9b:42:1e:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATxRkiob1Sct9DDrF04bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwOWQ2OTk1N2QzMzM0MzJhY2NhYzgxMDIzMWUyODkzODhl
MzAyZTIwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDYxY2E4MDI5OWMzMTgyZTdiNTIyY2E2NWJhYzRlOTEzOWIzN2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglJN8L7uG1oYRDSq/rduaYwb7nEH
Q8JpXbdRFPOGSzW/LpauVHUpDLJH3/SWHOlPF4zs/Zo0g36N6lMY9gRQgISH+OgN
rEO5AfYip/Ob/JHQvDlYW6IVVTQWqRHlW1cx01qRtslZvYB+EX9TsigS1tRYhwb9
q0VaQ54KkuDSDlqhx78gj4Vz9RY4lyIyY8ZUIS8rlG6foSvJtXLxxdQNsoLyM604
eSBpm7AkEA8ynul+A1RCEk7iY5dl1wn5sLRhotYWFtLL6dqiE1OXfrycg92IXXZF
Hs0XtTE436WImBjL3D1X5xSGo6pD6rFIUFN9Ey2dmoQyggMWD4gS+NPlnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1hyoApnDGC57UiymW6xOkTmzeyMB8GA1UdIwQY
MBaAFHCdaZV9MzQyrMrIECMeKJOI4wLiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0oxcGxYMHpOREtzeXNnUUl4NG9rNGpqQXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81M2Q1NmEtMDk2ZS00NThhLTlhOTQt
MDhhNjg2MzJhNjNhLzEvYldIS2dDbWNNWUxudFNMS1pickU2Uk9iTjdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81M2Q1NmEtMDk2ZS00NThhLTlhOTQtMDhhNjg2MzJhNjNh
LzEvY0oxcGxYMHpOREtzeXNnUUl4NG9rNGpqQXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXKvMA0G
CSqGSIb3DQEBCwUAA4IBAQAK1k+7odGwkQFbKpi0KFOCHVwBDeexxAeejk1fDG0c
Ad2bZ3/detmwQyzDX9o9GVCiKTjxaN/Zwo7CWsnUXdmUvMZlPa3q07pHnCQ51pWC
Jct9j8kWEB0rdBvJRgPPpocr9/Nv3Tk78Fr5SCowBU1F0LjiRlL0Rw9JSAtC+OI2
C5HSbX+PyQWA0akLwAQymYMQIyn+IvVZdYv+FIR7B327eZb2QcaNlPf2xiwEwdUh
NH0xhIHzLIU9c+qOU9wi47PjdgJHw6gaI3hnkRTkmlcoSO2yMK/sfqR+fuHuBb9I
zA+rY85UjzH6cGO/LrwmFp5NOG0McYRG41wr5HWbQh74
-----END CERTIFICATE-----